Using Vendor-Supplied Authenticode Signatures To Authenticate Drivers
Setup uses vendor-supplied Authenticode signatures to authenticate drivers before it installs them. Authenticode™ signatures are supported only on Microsoft® Windows® Server 2003 and later versions. It is recommended that you use an Authenticode signature to authenticate a driver only if WHQL does not have a test program for the corresponding device setup class.
Before installing a driver, Setup performs the following sequence of verification steps:
1. Checks if the catalog file for the driver package has a valid WHQL digital signature. If the signature is valid, Setup does not perform the remaining verification steps and installs the driver. Setup does not display a user dialog. (For more information, see Using WHQL Digital Signatures To Authenticate Drivers.) If the WHQL digital signature is not valid, Setup goes to step 2.
2. If the WHQL digital signature is not valid, Setup logs an entry in the SetupAPI log file. To find the corresponding log entry in the SetupAPI log file, search for the term "unsigned." (For more information on the SetupAPI log, see Using SetupAPI Logging.)
   After making a log entry, Setup checks if a WHQL test program exists for the device setup class. If so, Setup applies the Driver Signing Option set for the machine (Ignore, Warn, or Block) and does not perform the remaining verification steps. If there is no WHQL test program for the device setup class, Setup goes to step 3.
3. If there is no WHQL test program for the device setup class, Setup checks if the catalog file for the driver package has a valid Authenticode signature. If the Authenticode signature is not valid, Setup does one of the following, depending on which Driver Signing Option the system administrator has set for the machine in Device Manager:
   - If Block is set, Setup informs the user that the driver cannot be installed.
   - If Warn is set, Setup displays a dialog that informs the user that the authenticity of the driver cannot be verified, and gives the user the option to cancel the installation of the driver.
   - If Ignore is set, Setup installs the driver without displaying a user dialog.
   Setup does not perform any of the remaining verification steps. If the Authenticode signature is valid, Setup goes to step 4.
4. If the Authenticode signature is valid, Setup checks if the signature's certificate is installed in the trusted publisher certificates store. If the signature's certificate is not in the certificate store, Setup does one of the following, depending on which Driver Signing Option the system administrator has set for the machine:
   - If Block is set, Setup informs the user that the driver cannot be installed.
   - If Warn is set, Setup displays a user dialog that informs the user who the publisher of the driver is, that the driver is signed with a valid Authenticode signature, but that the driver is not certified by WHQL. The dialog also gives the user the option to cancel the installation of the driver. (Note that this is similar to how Internet Explorer interacts with a user before it installs a plug-in.)
   - If Ignore is set, Setup installs the driver without displaying a user dialog.
   If the certificate for the driver package is installed in the trusted publisher certificates store, Setup goes to step 5.
5. If the certificate for the driver package is installed in the trusted publisher certificates store, Setup installs the driver without displaying a user dialog.
For more information about using Authenticode signatures, see Using SetupAPI To Verify Driver Authenticode Signatures.
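As an added example (not code from the WDK documentation or from SetupAPI), the following PowerShell function lets an administrator predict the outcome Setup will reach for a vendor-signed driver package from step 3 onward: it checks the catalog's Authenticode signature with Get-AuthenticodeSignature, looks the signer up in the machine's Trusted Publishers store, and applies the Driver Signing Option. It assumes steps 1 and 2 have already concluded that the catalog has no valid WHQL signature and that no WHQL test program exists for the setup class; the catalog path and signing option are supplied by the caller.

```powershell
# Added example, not the WDK page's own code: mirrors the Setup decision for a
# vendor-signed driver package from step 3 onward (assumes steps 1 and 2 found
# no valid WHQL signature and no WHQL test program for the device setup class).
function Test-DriverCatalogTrust {
    param(
        [Parameter(Mandatory)] [string] $CatalogPath,        # the package's .cat file
        [ValidateSet('Ignore', 'Warn', 'Block')]
        [string] $DriverSigningOption = 'Warn'               # machine's Driver Signing Option
    )
    if (-not (Test-Path -LiteralPath $CatalogPath)) {
        throw "Catalog file not found: $CatalogPath"
    }

    # Step 3: does the catalog carry a valid Authenticode signature?
    $sig = Get-AuthenticodeSignature -FilePath $CatalogPath
    if ($sig.Status -ne 'Valid') {
        $outcome = switch ($DriverSigningOption) {
            'Block'  { 'Blocked: driver cannot be installed (signature missing or invalid)' }
            'Warn'   { 'Warn dialog: authenticity cannot be verified; user may cancel' }
            'Ignore' { 'Installed silently; signature check ignored' }
        }
        return [pscustomobject]@{
            Catalog = $CatalogPath; SignatureStatus = $sig.Status
            Publisher = $null; InTrustedPublisher = $false; Outcome = $outcome
        }
    }

    # Step 4: is the signing certificate in the machine's Trusted Publishers store?
    $signer  = $sig.SignerCertificate
    $trusted = Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher |
               Where-Object { $_.Thumbprint -eq $signer.Thumbprint }
    if (-not $trusted) {
        $outcome = switch ($DriverSigningOption) {
            'Block'  { 'Blocked: publisher not trusted; driver cannot be installed' }
            'Warn'   { "Warn dialog: valid Authenticode signature from '$($signer.Subject)', not WHQL certified; user may cancel" }
            'Ignore' { 'Installed silently; publisher trust not checked' }
        }
    }
    else {
        # Step 5: publisher is trusted, so Setup installs without a dialog.
        $outcome = 'Installed silently: publisher is in the Trusted Publishers store'
    }
    [pscustomobject]@{
        Catalog = $CatalogPath; SignatureStatus = $sig.Status
        Publisher = $signer.Subject; InTrustedPublisher = [bool]$trusted; Outcome = $outcome
    }
}

# Usage (placeholder path): Test-DriverCatalogTrust -CatalogPath 'C:\drivers\sample\sample.cat' -DriverSigningOption Block
```

Because a WHQL-signed catalog also reports a Valid status, run this only after confirming that step 1 does not apply; the function reproduces Setup's decision for auditing and does not change any store or policy.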
Trusted Publisher Certificates Store
The trusted publisher certificates store contains information about the Authenticode certificates of trusted publishers that are installed on a machine. Use an Authenticode certificate to create a vendor-supplied Authenticode signature. System administrators can use one of the following ways to install Authenticode certificates in the trusted publisher certificates store: